RSA Adaptive Authentication For ecommerce

Similar documents
Risk & Fraud Management Solutions

Global Bank Achieves Significant Savings and Increased Transaction Volume with Zero-Touch Authentication

ADVANTAGES OF A RISK BASED AUTHENTICATION STRATEGY FOR MASTERCARD SECURECODE

SOLUTION BRIEF PAYMENT SECURITY. How do I Balance Robust Security with a Frictionless Online Shopping Experience for Cardholders?

Card Not Present Fraud Webinar Transcript

Five Steps Towards Effective Fraud Management

Chargelytics Consulting

ADAPTIVE AUTHENTICATION ADAPTER FOR JUNIPER SSL VPNS. Adaptive Authentication in Juniper SSL VPN Environments. Solution Brief

MASTERCARD SECURECODE ISSUER BEST PRACTICES

How Retailers Can Automate the Screening Process for Online Fraud While Preserving the Customer Shopping Experience

Mitigating Fraudulent CNP Transactions

Top 10 Anti-fraud Tips: The Cybersecurity Breach Aftermath

A CHASE PAYMENTECH WHITE PAPER. Expanding internationally: Strategies to combat online fraud

Understanding and Combating Online Fraud in 2014

Securing Internet Payments across Europe. Guidelines for Detecting and Preventing Fraud

Product. Onboard Advisor Minimize Account Risk Through a Single, Integrated Onboarding Solution

FRAUD PREVENTION IN M-COMMERCE: ARE YOU FUTURE PROOFED? A Chase Paymentech Paper

Beyond passwords: Protect the mobile enterprise with smarter security solutions

A multi-layered approach to payment card security.

WHITE PAPER Moving Beyond the FFIEC Guidelines

ACI Response to FFIEC Guidance

IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE

Fraud Alert Management The Power of an Integrated Approach. Eric Kraus, Sr. Director Fraud Product Management

WHITEPAPER. Fraud Protection for Native Mobile Applications Benefits for Business Owners and End Users

Multi-Factor Authentication of Online Transactions

Frictionless Experience with Verified by Visa. Risk-based authentication case study

Enhancing Payment Card Security New Measures to be Phased in from 2 nd Quarter 2010 to 1 st Quarter 2011

Blackbaud Merchant Services Web Portal Guide

Your Gateway to Online Success

RSA Adaptive Authentication and Citrix NetScaler SDX Platform Overview

CA Arcot RiskFort. Overview. Benefits

RSA Solution Brief. RSA Adaptive Authentication. Balancing Risk, Cost and Convenience

ADVANCING FRAUD MANAGEMENT FOR MORE SECURE PAYMENTS ADVANCING COMMERCE

WHITEPAPER. Complying with the Red Flag Rules and FACT Act Address Discrepancy Rules

Card-Not-Present Fraud in a Post-EMV Environment: Combating the Fraud Spike

Fraud Prevention and Detection for Credit and Debit Card Transactions

Recognize the many faces of fraud

Fraud Detection. Configuration Guide for the Fraud Detection Module v epdq 2014, All rights reserved.

MASTERCARD PAYMENT GATEWAY SERVICES

MasterCard SecureCode Building Consumer Confidence, Extending Your Market Reach

Mitigating Fraud Risk Through Card Data Verification

Payment Card Industry (PCI) Data Security Standard. PCI DSS Applicability in an EMV Environment A Guidance Document Version 1

ACCEPT MORE ORDERS, FROM MORE PEOPLE, IN MORE PLACES.

Fraud Detection Module (basic)

Streamline Cardholder Authentication. Avoid being the target of online fraud

BinBase.com REPORT: credit card fraud

SAS. Fraud Management. Overview. Real-time scoring of all transactions for fast, accurate fraud detection. Challenges PRODUCT BRIEF

How To Spot & Prevent Fraudulent Credit Card Activity

ONLINE FRAUD MANAGEMENT BENCHMARKS

TSYS FRAUD MANAGEMENT SOLUTIONS

Fraud Prevention and Program Security Gord Jamieson Director Risk Management & Security Visa Canada Association

Tokenization: FAQs & General Information. BACKGROUND. GENERAL INFORMATION What is Tokenization?

Risk Mitigation in Travel. New Trends to Reduce Fraud and Increase Revenue

Transitions in Payments: PCI Compliance, EMV & True Transactions Security

User Behaviour Analytics

White Paper. FFIEC Authentication Compliance Using SecureAuth IdP

Visa Merchant Best Practice Guide for Cardholder Not Present Transactions

Your Single Source. for credit, debit and pre-paid services. Fraud Risk and Mitigation

WHITE PAPER. Internet Gambling Sites. Expose Fraud Rings and Stop Repeat Offenders with Device Reputation

White paper. Convenient Multi-Factor Authentication (MFA) for Web Portals & Enterprise Applications

Ineffective fraud prevention destroys profit margins. The right analytics keeps your business on target.

UPCOMING SCHEME CHANGES

Selecting the right cybercrime-prevention solution

fraud prevention solutions tougher on fraudsters, simpler for you DOCUMENT D EXECUTION INGENICO_PAYMENT_CMJN.ai

THE 2014 THREAT DETECTION CHECKLIST. Six ways to tell a criminal from a customer.

Entrust IdentityGuard

The State of Insurance Fraud Technology. A study of insurer use, strategies and plans for anti-fraud technology

How To Use Paypal Manager Online Helpdesk For A Business

Device Fingerprinting and Fraud Protection Whitepaper

WHITE PAPER. Credit Issuers. Stop Application Fraud at the Source With Device Reputation

Statement of. Mark Nelsen. Senior Vice President, Risk Products and Business Intelligence. Visa Inc. House Ways & Means Subcommittee.

The need for a secure & trusted payment instrument in e-commerce. Ali AlMeshal

Fraud Solution for Financial Services

WHITE PAPER Fighting Banking Fraud Without Driving Away Customers

With the Target breach on everyone s mind, you may find these Customer Service Q & A s helpful.

Global Visa Card-Not-Present Merchant Guide to Greater Fraud Control. Protect Your Business and Your Customers with Visa s Layers of Security

Unified Payment Platform Payment Pos Server Fraud Detection Server Reconciliation Server Autobill Server e-point Server Mobile Payment Server

WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales

Cash Run Fraud Protection & Global Payment Solution

Risk Management Service Guide. Version 4.2 August 2013 Business Gateway

Intralinks Best Practices in Security: Risk-Based Multi-Factor Authentication

PayPoint.net Gateway Guide to Identifying Fraud Risks

Best Practices in Account Takeover

Transcription:

RSA Adaptive Authentication For ecommerce Risk-based 3D Secure for Credit Card Issuers SOLUTION BRIEF RSA FRAUD & RISK INTELLIGENCE

The Threat of ecommerce Fraud ecommerce fraud is a threat to both issuers and merchants, who are targeted by increasingly sophisticated and elusive fraudsters Continued roll-out of EMV chip cards will push even more fraud to the online channel as has been seen in countries who have already moved to the chip and PIN cards LexisNexis reports that in 2015 large e-commerce merchants saw a 64% increase in revenue losses to fraud year over year. For mobile commerce merchants, year over year revenue loss to fraud grew 24%* Merchants adoption is increasing globally - the 3D Secure 2.0 protocol currently in development should drive even more adoption by putting more control of the cardholder experience in the hands of the merchant Consumers are concerned with security while on-line, but they want to be authenticated in an nonintrusive manner** RSA Adaptive Authentication For ecommerce RSA Adaptive Authentication for ecommerce provides the solution for financial institutions needing to offer additional cardholder protection and fraud management tools for the online shopping experience. Leveraging the widely accepted 3D Secure protocol and infrastructure, it enables merchants and issuers to provide a consistent, secure online shopping experience for cardholders while mitigating the risk of chargeback losses. Powered by the RSA Risk Engine, RSA Adaptive Authentication for ecommerce evaluates each on-line transaction in real-time to evaluate the level of risk. The RSA Risk Engine analyzes over one hundred indicators per transaction to identify the risk level of the transaction. The Risk Engine s high level of accuracy drives a very high fraud detection rate along with very low false positive rate. * http://cardnotpresent.com/news/default.aspx?id=12113 **RSA 2014 Consumer & Privacy Report 3 RSA SOLUTION BRIEF RSA Adaptive Authentication for ecommerce: Risk-based 3D Secure for Credit Card Issuers

AA for ecomm can significantly reduce fraud losses while challenging few legitimate customers. Not only does this improve cardholder experience and protect issuer revenue, it drives down operations costs associated with reviewing transactions that are genuine. Transparent Authentication for a Frictionless Cardholder Experience Utilizing the 3D Secure protocol and infrastructure, Adaptive Authentication for ecommerce enables merchants and issuers to provide a consistent, secure online shopping experience for cardholders while mitigating the risk of chargeback losses. RSA Adaptive Authentication for ecommerce allows issuing banks to provide Verified by Visa (VbV), MasterCard SecureCode, and American Express SafeKey support without impacting their cardholders online experience. Using the RSA Risk Engine, Adaptive Authentication for ecommerce transparently evaluates each transaction in real-time and determines the probability that the transaction is fraudulent. Only cardholders engaging in transactions determined to be high-risk will be challenged to authenticate, leaving approximately 95% of transactions from participating merchants unimpeded by the 3D Secure verification process. In addition, because of the transparent layer of authentication, cardholders are no longer required to go through a VbV, SecureCode or SafeKey enrollment process (the issuer enrolls entire BIN ranges) or remember a password (a range of step up authentication methods including One Time Password are available). This leaves cardholders to transact online uninterrupted. The RSA AA For ecommerce Risk Engine The RSA Risk Engine The RSA Risk Engine drives Adaptive Authentication for ecommerce s industry leading fraud detection rates and low false positives. The Risk Engine performs data mining and identifies new as well as existing fraud patterns by analyzing accumulated customer and transaction data, (e.g., merchant, country code, amount, velocity, device fingerprints, user agent, IP address/geo-location and more), as well as behavioral parameters (e.g., user responses to the RSA 3D Secure process) and input from the RSA efraudnetwork. AA for ecommerce customers have reported up to an 80% reduction in fraud, driven by the Risk Engine s accuracy and reliability. 4 RSA SOLUTION BRIEF RSA Adaptive Authentication for ecommerce: Risk-based 3D Secure for Credit Card Issuers

Risk Indicators Pre-defined indicators are used to alert the RSA Risk Engine of any specific, activity-related parameters known to be risky. The lists of pre-defined indicators are constantly updated using the vast amount of information provided to the RSA Risk Engine and feedback from the issuer s analysis teams and investigation of the Repudiation (Chargeback) files. Pre-defined indicators include, but are not limited to: efraudnetwork matches of risky IPs, devices, etc. Transaction amounts (maximum) Behavioral sequences High-risk IPs and geo-locations Merchants (specific or type) Profile-driven indicators are used to detect anomalies related to the specific profile and include: Device identification & characteristics ISPs, countries, connection types Velocity anomalies Usual activity time anomalies Average/cumulative activity amounts Previous behavioral sequences RSA Risk Engine profiling is not limited to the user level; the system also profiles: Resources (e.g. IP proxies, devices) Combinations of users and resources (e.g. users browsers) User groups (e.g. all users sharing a common profile attribute). Utilizing user groups is one of the many ways that allows the RSA Risk Engine to provide a risk decision even when little historical information is available on a specific user. Pattern Recognition Analytics The pattern recognition algorithm consolidates the various parameters and calculates the risk of fraud. The RSA Risk Engine logic is based on a Bayesian machine-learning algorithm, which is a statistical model used to weigh all evidence to calculate the probability of a transaction being fraudulent or high-risk. The Bayesian analytical model quickly detects emerging patterns based on a small sample of fraudulent activities. Enhanced learning capabilities, unlike the typical learning cycles of one to three months in neural networks, make this model crucial in the online environment as fraudsters are always adapting to the new security measures deployed by financial institutions by constantly switching targets and improving their means of attack. The fraud risk calculated by the Bayesian algorithm is recalculated on a daily basis, thus keeping the risk model always up-to-date. Some of the unique elements of the RSA Risk Engine include: Risk management. RSA analysis teams use cutting edge data mining technology to detect new fraud patterns within Repudiation files generated and sent to RSA on a weekly or bi-weekly basis. This valuable data is collected and reviewed and then used to set risk management rules to counter even the latest and most advanced fraud methodologies. In addition, the fraud patterns can be cross-referenced against other issuers data available in the RSA efraudnetwork, providing organizations with a holistic approach to fighting fraud. 5 RSA SOLUTION BRIEF RSA Adaptive Authentication for ecommerce: Risk-based 3D Secure for Credit Card Issuers

Active sampling. In order to better recognize new fraud trends without increasing the amount of false positives, the RSA Risk Engine employs a method called active sampling. In related cases where there is a slight suspicion of fraud, the RSA Risk Engine actively flags a small sample of them for further investigation. When these cases are identified as genuine or fraudulent, the RSA Risk Engine automatically fine tunes itself for improved efficiency and accuracy in the future. Learning from feedback. Fraudsters change their behavior rapidly so it is imperative for a fraud detection solution to offer real-time learning capabilities. RSA Adaptive Authentication for ecommerce detects activities suspected of being fraudulent and assigns them high-risk scores. The riskiest transactions are sent to a real-time Case Management system for review by the issuing institution. The investigation results are then relayed back to the RSA Risk Engine which updates itself accordingly. The RSA Risk Engine works in both directions to keep the false-positive rate to a minimum. In the same manner confirmed fraud implicates associated transactions, the transactions that are confirmed to be genuine update within the RSA Risk Engine. For example, if a new proxy with highly unusual activities is detected, the RSA Risk Engine assigns it as a high risk of fraud. However, if the investigation shows that these activities are legitimate, this information is relayed back to the RSA Risk Engine. This advanced capability allows the system to evolve and adapt at an unparalleled pace. Success Metrics The following results have been seen from issuing institutions who have implemented RSA Adaptive Authentication for ecommerce: 50%-85% overall fraud reduction for on-line card-based transactions ~95% transactions transparently authenticated and successfully processed 50%-70% fraud prediction accuracy with around a 1:1 false positive ratio (FPR) compared to industry standards of over 20:1 FPR in credit card transactions. 12 day average reduction in fraud report time - with AA for ecomm suspected fraud can be detected and reported as soon as it happens while customers typically call the bank only after they receive their monthly statement The importance of charge-back data The RSA Risk Engine easily adapts to and protects against new fraud patterns emerging over time. The Repudiation file, sent on a weekly or bi-weekly basis, helps RSA fraud analysts fine-tune the RSA Risk Engine rules for each issuer. For example, RSA fraud analysts can identify a fraud pattern typical for a specific merchant in a specific location. The information is relayed back to the RSA Risk Engine that uses this data to update the risk management rules in order to prevent future occurrences of this fraud pattern. User Authentication Options RSA understands that each issuer has different risk tolerance, business priorities and cardholder relationships. Therefore we off a broad range of authentication options. Authentication methods used from the platform include: On-Card Data Elements: These Include Card Expiration Date And Cvv2 Code Off-Card Data Elements: These Are Selected By The Issuer And Can Include Date Of Birth, Zip Code, Phone Number, Challenge Questions Or Other Issuer-Defined Elements Out Of Band SMS: One Time Password Challenging high-risk transactions with an SMS which is sent to the customers mobile phone and the corresponding code is used during the check-out process 6 RSA SOLUTION BRIEF RSA Adaptive Authentication for ecommerce: Risk-based 3D Secure for Credit Card Issuers

Knowledge-Based Authentication: Challenging high-risk transactions with top-of-mind questions only genuine users would know (US and UK only) Issuer-Defined Authentication Method: Issuers can leverage their choice of authentication method as well. For example we are starting to see interest from some existing customers in using biometrics to authenticate. Functional Description End User Interface In RSA Adaptive Authentication for ecommerce, cardholders are only presented a challenge page for high-risk transactions. Issuers can customize the challenge page to reflect their own look and feel as well as the type of challenge to present to their customers. Back Office Tools Policy Manager RSA realizes the importance of providing our issuing customers with the ability to manage their own card business(es). To that end, RSA Adaptive Authentication for ecommerce offers our customers a robust Policy Manager to help manage their own business as they see fit. The Policy Manager provides: Card brand specific user experience Ability to balance case volumes A controlled way to manage overall fraud costs by business line Priority on how and when business rules will be applied Testing Mode to analyze potential impact before promoting to production Case Management RSA Adaptive Authentication for ecommerce contains a highly effective Case Management application for tracking transactions that have been blocked or failed an authentication challenge. The Case Management system presents a clear picture of suspected fraud cases, allowing fraud teams to contact cardholders and check if their card has been compromised. Contacting the cardholders and managing the suspected fraud cases has the following benefits: Identifies compromised cards as soon as fraud occurs Cardholders perceive this as a proactive, favorable action by their financial institution Provides insight on current fraud attacks and methods of operation Provides a full record of the investigation of each suspected fraud case Provides a constant feed of results back into the system Optionally, if a card issuing institution would prefer to utilize their own case management system, RSA Adaptive Authentication for ecommerce offers predefined integration options to manage cases that have been blocked or failed additional authentication. Customer Service The Customer Service application is a web-based application designed to assist the issuer s Customer Service personnel in helping cardholders with their various inquiries. www.rsa.com ABOUT RSA RSA provides more than 30,000 customers around the world with the essential security capabilities to protect their most valuable assets from cyber threats. With RSA s award-winning products, organizations effectively detect, investigate, and respond to advanced attacks; confirm and manage identities; and ultimately, reduce IP theft, fraud, and cybercrime. For more information, go to www.rsa.com. EMC 2, EMC, the EMC logo, RSA, and the RSA logo, are registered trademarks or trademarks of EMC Corporation in the United States and other countries. VMware is a registered trademark or trademark of VMware, Inc., in the United States and other jurisdictions. Copyright 2016 EMC Corporation. All rights reserved. Published in the USA.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information